Visual Problem-Solving Support for New Event Triage in Centralized Network Security Monitoring: Challenges, Tools and Benefits

Organizations that provide centralized security monitoring of the networks of multiple third-party organizations face a challenging task. The volume of security event data to be processed presents not only a technical challenge but also a problem-solving challenge for operators. We present a model of the problem-solving process and discuss how visual support tools can facilitate its central step, called new event triage. We argue that, with tools such as these, the natural benefits of centralized monitoring come into play, raising the effectiveness of centralized monitoring to a level beyond the reach of organizations that focus exclusively on their own network.
